4 Copyright (C) Simo Sorce 2005-2008
6 ** NOTE! The following LGPL license applies to the ldb
7 ** library. This does NOT imply that all of Samba is released
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public
21 License along with this library; if not, see <http://www.gnu.org/licenses/>.
27 * Component: ldb extended dn control module
29 * Description: this module builds a special dn
35 #include "ldb/include/ldb.h"
36 #include "ldb/include/ldb_errors.h"
37 #include "ldb/include/ldb_private.h"
38 #include "librpc/gen_ndr/ndr_misc.h"
39 #include "dsdb/samdb/samdb.h"
40 #include "libcli/security/security.h"
44 static bool is_attr_in_list(const char * const * attrs, const char *attr)
48 for (i = 0; attrs[i]; i++) {
49 if (strcasecmp(attrs[i], attr) == 0)
56 static char **copy_attrs(void *mem_ctx, const char * const * attrs)
61 for (num = 0; attrs[num]; num++);
63 new = talloc_array(mem_ctx, char *, num + 1);
64 if (!new) return NULL;
66 for(i = 0; i < num; i++) {
67 new[i] = talloc_strdup(new, attrs[i]);
78 static bool add_attrs(void *mem_ctx, char ***attrs, const char *attr)
83 for (num = 0; (*attrs)[num]; num++);
85 new = talloc_realloc(mem_ctx, *attrs, char *, num + 2);
86 if (!new) return false;
90 new[num] = talloc_strdup(new, attr);
91 if (!new[num]) return false;
98 static int inject_extended_dn(struct ldb_message *msg,
99 struct ldb_context *ldb,
104 const struct ldb_val *val;
107 const DATA_BLOB *guid_blob;
108 const DATA_BLOB *sid_blob;
113 guid_blob = ldb_msg_find_ldb_val(msg, "objectGUID");
114 sid_blob = ldb_msg_find_ldb_val(msg, "objectSID");
117 return LDB_ERR_OPERATIONS_ERROR;
122 /* return things in hexadecimal format */
124 const char *lower_guid_hex = strlower_talloc(msg, data_blob_hex_string(msg, guid_blob));
125 const char *lower_sid_hex = strlower_talloc(msg, data_blob_hex_string(msg, sid_blob));
126 if (!lower_guid_hex || !lower_sid_hex) {
127 return LDB_ERR_OPERATIONS_ERROR;
129 new_dn = talloc_asprintf(msg, "<GUID=%s>;<SID=%s>;%s",
132 ldb_dn_get_linearized(msg->dn));
134 const char *lower_guid_hex = strlower_talloc(msg, data_blob_hex_string(msg, guid_blob));
135 if (!lower_guid_hex) {
136 return LDB_ERR_OPERATIONS_ERROR;
138 new_dn = talloc_asprintf(msg, "<GUID=%s>;%s",
140 ldb_dn_get_linearized(msg->dn));
145 /* retrieve object_guid */
146 guid = samdb_result_guid(msg, "objectGUID");
147 object_guid = GUID_string(msg, &guid);
149 /* retrieve object_sid */
151 sid = samdb_result_dom_sid(msg, msg, "objectSID");
153 object_sid = dom_sid_string(msg, sid);
155 return LDB_ERR_OPERATIONS_ERROR;
159 /* Normal, sane format */
161 new_dn = talloc_asprintf(msg, "<GUID=%s>;<SID=%s>;%s",
162 object_guid, object_sid,
163 ldb_dn_get_linearized(msg->dn));
165 new_dn = talloc_asprintf(msg, "<GUID=%s>;%s",
167 ldb_dn_get_linearized(msg->dn));
171 return LDB_ERR_OPERATIONS_ERROR;
175 return LDB_ERR_OPERATIONS_ERROR;
179 ldb_msg_remove_attr(msg, "objectGUID");
182 if (sid_blob && remove_sid) {
183 ldb_msg_remove_attr(msg, "objectSID");
186 msg->dn = ldb_dn_new(msg, ldb, new_dn);
187 if (! ldb_dn_validate(msg->dn))
188 return LDB_ERR_OPERATIONS_ERROR;
190 val = ldb_msg_find_ldb_val(msg, "distinguishedName");
192 ldb_msg_remove_attr(msg, "distinguishedName");
193 if (ldb_msg_add_steal_string(msg, "distinguishedName", new_dn))
194 return LDB_ERR_OPERATIONS_ERROR;
201 struct extended_context {
203 struct ldb_module *module;
204 struct ldb_request *req;
205 struct ldb_control *control;
206 struct ldb_dn *basedn;
207 char *wellknown_object;
212 const char * const *cast_attrs;
215 static int extended_callback(struct ldb_request *req, struct ldb_reply *ares)
217 struct extended_context *ac;
220 ac = talloc_get_type(req->context, struct extended_context);
223 return ldb_module_done(ac->req, NULL, NULL,
224 LDB_ERR_OPERATIONS_ERROR);
226 if (ares->error != LDB_SUCCESS) {
227 return ldb_module_done(ac->req, ares->controls,
228 ares->response, ares->error);
231 switch (ares->type) {
232 case LDB_REPLY_ENTRY:
234 /* for each record returned post-process to add any derived
235 attributes that have been asked for */
236 ret = inject_extended_dn(ares->message, ac->module->ldb,
237 ac->extended_type, ac->remove_guid,
239 if (ret != LDB_SUCCESS) {
240 return ldb_module_done(ac->req, NULL, NULL, ret);
244 return ldb_module_send_entry(ac->req, ares->message);
246 case LDB_REPLY_REFERRAL:
247 return ldb_module_send_referral(ac->req, ares->referral);
250 return ldb_module_done(ac->req, ares->controls,
251 ares->response, LDB_SUCCESS);
257 static int extended_base_callback(struct ldb_request *req, struct ldb_reply *ares)
259 struct extended_context *ac;
260 struct ldb_request *down_req;
261 struct ldb_control **saved_controls;
262 struct ldb_message_element *el;
267 const char *found = NULL;
269 ac = talloc_get_type(req->context, struct extended_context);
272 return ldb_module_done(ac->req, NULL, NULL,
273 LDB_ERR_OPERATIONS_ERROR);
275 if (ares->error != LDB_SUCCESS) {
276 return ldb_module_done(ac->req, ares->controls,
277 ares->response, ares->error);
280 switch (ares->type) {
281 case LDB_REPLY_ENTRY:
282 if (!ac->wellknown_object) {
283 ac->basedn = ares->message->dn;
287 wkn_len = strlen(ac->wellknown_object);
289 el = ldb_msg_find_element(ares->message, "wellKnownObjects");
295 for (i=0; i < el->num_values; i++) {
296 valstr = talloc_strndup(ac,
297 (const char *)el->values[i].data,
298 el->values[i].length);
300 ldb_oom(ac->module->ldb);
301 return ldb_module_done(ac->req, NULL, NULL,
302 LDB_ERR_OPERATIONS_ERROR);
305 if (strncasecmp(valstr, ac->wellknown_object, wkn_len) != 0) {
310 found = &valstr[wkn_len];
318 ac->basedn = ldb_dn_new(ac, ac->module->ldb, found);
321 ldb_oom(ac->module->ldb);
322 return ldb_module_done(ac->req, NULL, NULL,
323 LDB_ERR_OPERATIONS_ERROR);
328 case LDB_REPLY_REFERRAL:
334 const char *str = talloc_asprintf(req, "Base-DN '%s' not found",
335 ldb_dn_get_linearized(ac->req->op.search.base));
336 ldb_set_errstring(ac->module->ldb, str);
337 return ldb_module_done(ac->req, NULL, NULL,
338 LDB_ERR_NO_SUCH_OBJECT);
341 ret = ldb_build_search_req_ex(&down_req,
344 ac->req->op.search.scope,
345 ac->req->op.search.tree,
348 ac, extended_callback,
350 if (ret != LDB_SUCCESS) {
351 return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
355 /* save it locally and remove it from the list */
356 /* we do not need to replace them later as we
357 * are keeping the original req intact */
358 if (!save_controls(ac->control, down_req, &saved_controls)) {
359 return ldb_module_done(ac->req, NULL, NULL,
360 LDB_ERR_OPERATIONS_ERROR);
364 /* perform the search */
365 return ldb_next_request(ac->module, down_req);
370 static int extended_search(struct ldb_module *module, struct ldb_request *req)
372 struct ldb_control *control;
373 struct ldb_extended_dn_control *extended_ctrl = NULL;
374 struct ldb_control **saved_controls;
375 struct extended_context *ac;
376 struct ldb_request *down_req;
379 struct ldb_dn *base_dn = NULL;
380 enum ldb_scope base_dn_scope = LDB_SCOPE_BASE;
381 const char *base_dn_filter = NULL;
382 const char * const *base_dn_attrs = NULL;
383 char *wellknown_object = NULL;
384 static const char *dnattr[] = {
388 static const char *wkattr[] = {
393 if (ldb_dn_is_special(req->op.search.base)) {
396 dn = ldb_dn_alloc_linearized(req, req->op.search.base);
398 ldb_oom(module->ldb);
399 return LDB_ERR_OPERATIONS_ERROR;
402 if (strncasecmp(dn, "<SID=", 5) == 0) {
409 return LDB_ERR_INVALID_DN_SYNTAX;
417 p = strchr(str, '>');
419 return LDB_ERR_INVALID_DN_SYNTAX;
423 if (strncasecmp(str, "S-", 2) == 0) {
427 binary = strhex_to_data_blob(str);
429 ldb_oom(module->ldb);
430 return LDB_ERR_OPERATIONS_ERROR;
432 valstr = ldb_binary_encode(req, binary);
433 data_blob_free(&binary);
435 ldb_oom(module->ldb);
436 return LDB_ERR_OPERATIONS_ERROR;
440 /* TODO: do a search over all partitions */
441 base_dn = ldb_get_default_basedn(module->ldb);
442 base_dn_filter = talloc_asprintf(req, "(objectSid=%s)", valstr);
443 if (!base_dn_filter) {
444 ldb_oom(module->ldb);
445 return LDB_ERR_OPERATIONS_ERROR;
447 base_dn_scope = LDB_SCOPE_SUBTREE;
448 base_dn_attrs = dnattr;
449 } else if (strncasecmp(dn, "<GUID=", 6) == 0) {
456 return LDB_ERR_INVALID_DN_SYNTAX;
464 p = strchr(str, '>');
466 return LDB_ERR_INVALID_DN_SYNTAX;
470 if (strchr(str, '-')) {
474 binary = strhex_to_data_blob(str);
476 ldb_oom(module->ldb);
477 return LDB_ERR_OPERATIONS_ERROR;
479 valstr = ldb_binary_encode(req, binary);
480 data_blob_free(&binary);
482 ldb_oom(module->ldb);
483 return LDB_ERR_OPERATIONS_ERROR;
487 /* TODO: do a search over all partitions */
488 base_dn = ldb_get_default_basedn(module->ldb);
489 base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)", valstr);
490 if (!base_dn_filter) {
491 ldb_oom(module->ldb);
492 return LDB_ERR_OPERATIONS_ERROR;
494 base_dn_scope = LDB_SCOPE_SUBTREE;
495 base_dn_attrs = dnattr;
496 } else if (strncasecmp(dn, "<WKGUID=", 8) == 0) {
502 return LDB_ERR_INVALID_DN_SYNTAX;
508 wellknown_object = talloc_asprintf(req, "B:32:%s:", &dn[8]);
509 if (!wellknown_object) {
510 ldb_oom(module->ldb);
511 return LDB_ERR_OPERATIONS_ERROR;
515 p = strchr(tail_str, '>');
517 return LDB_ERR_INVALID_DN_SYNTAX;
521 base_dn = ldb_dn_new(req, module->ldb, tail_str);
523 ldb_oom(module->ldb);
524 return LDB_ERR_OPERATIONS_ERROR;
526 base_dn_filter = talloc_strdup(req, "(objectClass=*)");
527 if (!base_dn_filter) {
528 ldb_oom(module->ldb);
529 return LDB_ERR_OPERATIONS_ERROR;
531 base_dn_scope = LDB_SCOPE_BASE;
532 base_dn_attrs = wkattr;
537 /* check if there's an extended dn control */
538 control = ldb_request_get_control(req, LDB_CONTROL_EXTENDED_DN_OID);
539 if (control == NULL && base_dn_filter == NULL) {
540 /* not found go on */
541 return ldb_next_request(module, req);
544 if (control && control->data) {
545 extended_ctrl = talloc_get_type(control->data, struct ldb_extended_dn_control);
546 if (!extended_ctrl) {
547 return LDB_ERR_PROTOCOL_ERROR;
551 ac = talloc_zero(req, struct extended_context);
553 ldb_oom(module->ldb);
554 return LDB_ERR_OPERATIONS_ERROR;
559 ac->control = control;
561 ac->wellknown_object = wellknown_object;
563 ac->remove_guid = false;
564 ac->remove_sid = false;
569 ac->extended_type = extended_ctrl->type;
571 ac->extended_type = 0;
574 /* check if attrs only is specified, in that case check wether we need to modify them */
575 if (req->op.search.attrs) {
576 if (! is_attr_in_list(req->op.search.attrs, "objectGUID")) {
577 ac->remove_guid = true;
579 if (! is_attr_in_list(req->op.search.attrs, "objectSID")) {
580 ac->remove_sid = true;
582 if (ac->remove_guid || ac->remove_sid) {
583 new_attrs = copy_attrs(ac, req->op.search.attrs);
584 if (new_attrs == NULL) {
585 ldb_oom(module->ldb);
586 return LDB_ERR_OPERATIONS_ERROR;
589 if (ac->remove_guid) {
590 if (!add_attrs(ac, &new_attrs, "objectGUID"))
591 return LDB_ERR_OPERATIONS_ERROR;
593 if (ac->remove_sid) {
594 if (!add_attrs(ac, &new_attrs, "objectSID"))
595 return LDB_ERR_OPERATIONS_ERROR;
597 ac->cast_attrs = (const char * const *)new_attrs;
599 ac->cast_attrs = req->op.search.attrs;
605 ret = ldb_build_search_req(&down_req,
612 ac, extended_base_callback,
614 if (ret != LDB_SUCCESS) {
615 return LDB_ERR_OPERATIONS_ERROR;
618 /* perform the search */
619 return ldb_next_request(module, down_req);
622 ret = ldb_build_search_req_ex(&down_req,
625 req->op.search.scope,
629 ac, extended_callback,
631 if (ret != LDB_SUCCESS) {
632 return LDB_ERR_OPERATIONS_ERROR;
636 /* save it locally and remove it from the list */
637 /* we do not need to replace them later as we
638 * are keeping the original req intact */
639 if (!save_controls(control, down_req, &saved_controls)) {
640 return LDB_ERR_OPERATIONS_ERROR;
644 /* perform the search */
645 return ldb_next_request(module, down_req);
648 static int extended_init(struct ldb_module *module)
652 ret = ldb_mod_register_control(module, LDB_CONTROL_EXTENDED_DN_OID);
653 if (ret != LDB_SUCCESS) {
654 ldb_debug(module->ldb, LDB_DEBUG_ERROR,
655 "extended_dn: Unable to register control with rootdse!\n");
656 return LDB_ERR_OPERATIONS_ERROR;
659 return ldb_next_init(module);
662 _PUBLIC_ const struct ldb_module_ops ldb_extended_dn_module_ops = {
663 .name = "extended_dn",
664 .search = extended_search,
665 .init_context = extended_init
git.samba.org / ira / wip.git / blob